Method, system, and storage medium for adaptive monitoring and filtering traffic to and from social networking sites

ABSTRACT

Embodiments disclosed herein provide a system, method, and computer readable storage medium storing computer instructions for implementing a Socialware architecture encompassing a suite of applications for continuously and adaptively monitoring and filtering traffic to and from social networking sites, particularly useful in an enterprise computing environment. In some embodiments, an appliance may be coupled to a proxy server for providing a plurality of Socialware services, including analyzing, logging, and reporting on traffic to and from social networking sites. Some embodiments may allow a user to report, identify, and prevent malicious and potentially malicious content and/or activity by another user. Some embodiments may encrypt outgoing traffic to and decrypt incoming traffic from social networking sites. Some embodiments may provide an enterprise user to define and restrict certain social networking activities outside of the enterprise computing environment.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application is a continuation of, and claims a benefit of priorityunder 35 U.S.C. 120 of the filing date of U.S. patent application Ser.No. 12/562,032, filed Sep. 17, 2009, entitled “METHOD, SYSTEM, ANDSTORAGE MEDIUM FOR ADAPTIVE MONITORING AND FILTERING TRAFFIC TO AND FROMSOCIAL NETWORKING SITES,” which in turn claims priority from U.S.Provisional Application No. 61/097,698, filed Sep. 17, 2008, entitled“METHOD, SYSTEM, AND STORAGE MEDIUM FOR SOCIALWARE ARCHITECTURE,” whichis fully incorporated herein by reference. This application relates to aco-pending U.S. patent application Ser. No. 12/562,034, filedconcurrently herewith, entitled “METHOD, SYSTEM, AND STORAGE MEDIUM FORSECURE COMMUNICATION UTILIZING SOCIAL NETWORKING SITES,” which isincorporated herein by reference as if set forth in full.

TECHNICAL FIELD

This invention relates generally to social networking sites, and moreparticularly, to a system, method, and computer readable storage mediumstoring computer instructions for adaptively monitoring and filteringtraffic to and from social networking sites in an enterpriseenvironment.

BACKGROUND

Advances in communications technology often change how peoplecommunicate and share information. More recently, social networkingsites are providing new ways for users to interact and keep othersabreast of their personal and business dealings. The growth of socialnetworking sites is staggering. New sites are emerging daily and newusers are joining in droves. Today, social networking sites are beingused regularly by millions of people around the globe, and it seems thatsocial networking via websites will continue to be a part of everydaylife at least in the United States.

The main types of social networking services provided by socialnetworking sites are those which contain directories or categories, ameans to connect with friends, and a means to recommend otherindividuals. For example, a social networking site may allow a user toidentify an individual as a friend, a former classmate, or an uncle. Thesocial networking site may recommend to the user another individual as apotential friend and also provide a personalized web page for the userto interact with those that the user has identified as “friends” via thesocial networking site.

Some social networking sites provide functions for members to createuser profiles, send messages to other members who are their “friends,”and personalize web pages available to friends and/or the generalpublic. Through these functions, social networking sites can connectpeople at low cost and very high efficiency. Some entrepreneurs andbusinesses looking to expand their contact base have recognized thesebenefits and are utilizing some social networking sites as a customerrelationship management tool for selling their products and services.

However, not all businesses are embracing social networking sites as anadditional method to exchange information between employees, clients,vendors, etc. The integration of social networking sites into businessesraises several critical concerns. What activities are people engaged in?What information is being disclosed? Who is the information beingdisclosed to? Is malicious or otherwise damaging material being accessedor allowed onto the business's computers? How can a business manage theactivities of particular users or groups?

Currently, there are no viable solutions to these difficult questions.Some businesses have the means to block traffic to and from socialnetworking sites. Some businesses can only hope that their employees areonly using these social networking sites in the best interest of thecompany. There is no guarantee that the employees may police their ownaccess to and participation at social networking sites and there isalways the concern of an employee knowingly or unknowingly postingconfidential information on a social networking site. Because of theserisks, many companies have not realized the efficiencies and cooperativegains that may come from embracing social networking sites.

SUMMARY

Embodiments disclosed herein provide a system, method, and computerreadable storage medium storing computer instructions for adaptivelymonitoring and filtering traffic to and from social networking sites inan enterprise environment. Some embodiments can log an enterprise user'sactivities at a social networking site external to the enterprise andgenerate a report based on those activities. More specifically, someembodiments may intercept posts and requests between a user and a socialnetworking web site, extract certain information from the posts andrequests, and log the extracted information.

In some embodiments, information sent by an enterprise user from withinan enterprise computing environment to certain social networking sitescan be encrypted in a manner that only selected users and/or groups canaccess and/or disseminate that information. More specifically, someembodiments may intercept a post or submission by an enterprise user toa social networking site and encrypt the outgoing message and/or itspayload. In some embodiments, the user's submission is persisted at anenterprise database together with a reference to the encrypted messageor a placeholder to be sent to the social networking site in its place.In some embodiments, a placeholder is sent from an enterprise computerto the social networking site over the Internet. The placeholder, whichmay be published by the social networking site on the Internet, does notcontain the enterprise user's post or submission.

Some embodiments may intercept an incoming message from a socialnetworking site, process the information contained in the incomingmessage, determine if that information references a submission by a userfrom within an enterprise computing environment, access an enterprisedatabase to retrieve the submission, and serve the submission to thedestination indicated in the incoming message. Some embodiments mayintercept an incoming message from a social networking site, determineif a decryption is needed, decrypt the message, and serve the decryptedmessage to the destination indicated in the incoming message. Theincoming message may be destined for the user or another user within theenterprise environment.

Some embodiments provide a way for enterprise users to reportpotentially malicious materials on social networking sites and onceconfirmed, prevent access to the malicious material. More specifically,some embodiments may allow users to report potentially maliciousmaterial, verify the report, and, if found to be malicious, to blockfurther access to the malicious material.

Some embodiments provide an enterprise with a plurality of controls onan enterprise user's social networking site activities. In someembodiments, the controls can be defined on a user and/or group level.For example, some embodiments may allow an enterprise to place variouslevels of restrictions on activities that its users and/or groups may bepermitted to perform on certain social networking sites.

These, and other, aspects of the disclosure will be better appreciatedand understood when considered in conjunction with the followingdescription and the accompanying drawings. It should be understood,however, that the following description, while indicating variousembodiments of the disclosure and numerous specific details thereof, isgiven by way of illustration and not of limitation. Many substitutions,modifications, additions and/or rearrangements may be made within thescope of the disclosure without departing from the spirit thereof, andthe disclosure includes all such substitutions, modifications, additionsand/or rearrangements.

DESCRIPTION OF THE DRAWINGS

The drawings accompanying and forming part of this specification areincluded to depict certain aspects of the disclosure. It should be notedthat the features illustrated in the drawings are not necessarily drawnto scale. A more complete understanding of the disclosure and theadvantages thereof may be acquired by referring to the followingdescription, taken in conjunction with the accompanying drawings inwhich like reference numbers indicate like features and wherein:

FIG. 1 depicts a diagrammatic representation of an exemplary computersystem comprising at least one computer readable storage medium storingcomputer instructions implementing an embodiment disclosed herein;

FIG. 2 depicts a diagrammatic representation of a high level networkarchitecture implementing an embodiment disclosed herein;

FIG. 3 depicts a diagrammatic representation of an embodiment ofSocialGate in a network environment;

FIG. 4 depicts a diagrammatic representation of an embodiment ofSocialGate working in conjunction with an embodiment of Socialware DataCenter;

FIG. 5 depicts a diagrammatic representation of an embodiment ofSocialGate working in conjunction with a plurality of softwareapplications connected thereto, including SocialAnalyzer, SocialCypher,SocialPatroller, and SocialOrganizer;

FIG. 6 depicts a flow chart illustrating several functions of anembodiment of SocialGate;

FIG. 7 depicts a flow chart illustrating several functions of anembodiment of SocialAnalyzer;

FIG. 8 depicts a flow chart illustrating several functions of anembodiment of SocialCypher;

FIG. 9 depicts a diagrammatic representation of an embodiment ofSocialCypher communicatively coupled to an example social networkingsite over the Internet;

FIG. 10A depicts a screenshot of an example post intended for a socialnetworking site;

FIG. 10B depicts a screenshot of an example placeholder for the post ofFIG. 10A;

FIG. 10C depicts a screenshot of the post of FIG. 10A as viewed by anauthorized user;

FIG. 11 depicts a diagrammatic representation of an embodiment ofSocialCypher operating in an enterprise computing environment;

FIG. 12 depicts a diagrammatic representation of how a user's post maybe viewed on a social networking site by various users, utilizing anembodiment of SocialCypher;

FIG. 13A depicts a screenshot of an example social networking web pageshowing posts that are encrypted by an embodiment of SocialCypher andthat may be viewed by unauthorized users;

FIG. 13B depicts a screenshot of an example social networking web pageshowing posts of FIG. 13A that are decrypted by an embodiment ofSocialCypher to be viewed by authorized users;

FIG. 14 depicts a diagrammatic representation of an example interactionbetween embodiments of SocialGate and SocialOrganizer;

FIG. 15 depicts a flow chart illustrating the administration of anembodiment of SocialOrganizer application;

FIG. 16 depicts a flow chart illustrating several functions of anembodiment of SocialOrganizer;

FIG. 17 depicts a flow chart illustrating several functions of anembodiment of SocialPatroller;

FIG. 18 depicts a screenshot of a user interface through which a user isable to approve, deny, or report a particular activity of another user;

FIG. 19 depicts a flow chart illustrating the operation of an embodimentof Social Patroller after receiving a report;

FIG. 20 depicts a diagrammatic representation of an example Socialwareappliance positioned between an enterprise network and external socialnetworking sites, the Socialware appliance implementing one or moreembodiments disclosed herein; and

FIG. 21 depicts a diagrammatic representation of an embodiment ofSocialware appliance working in conjunction with an embodiment ofSocialPatroller to continuously and adaptively monitor and controltraffic to and from social networking sites.

DETAILED DESCRIPTION OF THE INVENTION

The disclosure and various features and advantageous details thereof areexplained more fully with reference to the exemplary, and thereforenon-limiting, embodiments illustrated in the accompanying drawings anddetailed in the following description. Descriptions of known programmingtechniques, computer software, hardware, operating platforms andprotocols may be omitted so as not to unnecessarily obscure thedisclosure in detail. It should be understood, however, that thedetailed description and the specific examples, while indicating thepreferred embodiments, are given by way of illustration only and not byway of limitation. Various substitutions, modifications, additionsand/or rearrangements within the spirit and/or scope of the underlyinginventive concept will become apparent to those skilled in the art fromthis disclosure.

Software implementing embodiments disclosed herein may be implemented insuitable computer-executable instructions that may reside on acomputer-readable storage medium. Within this disclosure, the term“computer-readable storage medium” encompasses all types of data storagemedium that can be read by a processor. Examples of computer-readablestorage media can include random access memories, read-only memories,hard drives, data cartridges, magnetic tapes, floppy diskettes, flashmemory drives, optical data storage devices, compact-disc read-onlymemories, and other appropriate computer memories and data storagedevices.

As used herein, the terms “comprises,” “comprising,” “includes,”“including,” “has,” “having,” or any other variation thereof, areintended to cover a non-exclusive inclusion. For example, a process,product, article, or apparatus that comprises a list of elements is notnecessarily limited only those elements but may include other elementsnot expressly listed or inherent to such process, process, article, orapparatus. Further, unless expressly stated to the contrary, “or” refersto an inclusive or and not to an exclusive or. For example, a conditionA or B is satisfied by any one of the following: A is true (or present)and B is false (or not present), A is false (or not present) and B istrue (or present), and both A and B are true (or present).

Additionally, any examples or illustrations given herein are not to beregarded in any way as restrictions on, limits to, or expressdefinitions of, any term or terms with which they are utilized. Insteadthese examples or illustrations are to be regarded as being describedwith respect to one particular embodiment and as illustrative only.Those of ordinary skill in the art will appreciate that any term orterms with which these examples or illustrations are utilized encompassother embodiments as well as implementations and adaptations thereofwhich may or may not be given therewith or elsewhere in thespecification and all such embodiments are intended to be includedwithin the scope of that term or terms. Language designating suchnon-limiting examples and illustrations includes, but is not limited to:“for example,” “for instance,” “e.g.,” “in one embodiment,” and thelike.

Those skilled in the arts will recognize that the disclosed embodimentshave relevance to a wide variety of areas in addition to the specificexamples described below. For example, although the examples below aredescribed in the context of employers and employees, some embodimentsdisclosed herein can be adapted or otherwise implemented to work inother types of relationships, circumstances, and places such as publiclibraries, parent-child, school-student, or any other place orrelationship where it is desirable to monitor and protect traffic to andfrom social networking sites.

FIG. 1 depicts an exemplary system within a computing environment whereembodiments disclosed herein may be implemented. Components 202 ofcomputing system 200 may include, but are not limited to, processingunit 204, system memory 206, and system bus 208. System bus 208 maycouple various system components including system memory 206 toprocessing unit 204. System bus 208 may comprise any of several types ofbus structures including a memory bus or memory controller, a peripheralbus, and a local bus using any of a variety of bus architectures.

Computing system 200 may include a variety of computer readable storagemedia. Computer readable storage media can be any available storagemedia that can be accessed by computing system 200. By way of example,and not of limitation, computer readable storage media may comprisevolatile and nonvolatile storage media and removable and non-removablestorage media. Computer readable storage media storing computerinstructions implementing embodiments disclosed herein may bemanufactured by known methods and materials and may rely on knownprogramming languages and techniques for storage of information thereon.Examples of computer readable storage media may include, but are notlimited to, random access memory (RAM), read only memory (ROM), EEPROM,flash memory or other memory technology, CD-ROM, digital versatile disks(DVD) or other optical disk storage, magnetic cassettes, magnetic tape,magnetic disk storage or other magnetic storage devices, or any othermedium which can be used to store the desired information and which canbe accessed by computing system 200.

In the example shown in FIG. 1, system memory 206 includes ROM 210 andRAM 212. ROM 210 may store basic input/output system 214 (BIOS),containing the basic routines that help to transfer information betweenelements within computing system 200, such as those used duringstart-up. RAM 212 may store data and/or program modules that areimmediately accessible to and/or presently being operated on byprocessing unit 204. By way of example, and not of limitation, FIG. 1shows RAM 212 storing operating system 216, application programs 218,other program modules 220, and program data 222.

Computing system 200 may also include other removable/non-removable,volatile/nonvolatile computer readable storage media that can beemployed to store computer instructions implementing some embodimentsdisclosed herein. By way of example only, computing system 200 mayinclude hard disk drive 224, a magnetic disk drive 226, and/or opticaldisk drive 230. Hard drive 224 may read from and write to non-removable,nonvolatile magnetic media. Disk drive 226 may read from and write toremovable, nonvolatile magnetic disk 228. Optical disk drive 230 mayread from and write to a removable, nonvolatile optical disk 232 such asa CD ROM or other optical medium. Other removable/non-removable,volatile/nonvolatile computer readable storage media are also possible.As illustrated in FIG. 1, hard drive 224 may be connected to system bus208 via a non-removable memory interface, such as interface 234, andmagnetic disk drive 226 and optical disk drive 230 may be connected tosystem bus 208 via a removable memory interface, such as interface 238.

The drives and their associated computer readable storage media,discussed above, may provide storage of computer readable instructions,data structures, program modules and other data for computing system200. For example, hard disk drive 224 may store operating system 268,application programs 270, other program modules 272 and program data274. Note that these components can either be the same as or differentfrom operating system 216, application programs 218, other programmodules 220, and program data 222.

A user may enter commands and information into computing system 200 viainput devices such as tablet or electronic digitizer 240, microphone242, keyboard 244, and pointing device 246. Pointing device 246 maycomprise a mouse, a trackball, and/or a touch pad. These and other inputdevices may be connected to processing unit 204 via user input interface248. User input interface 248 may be coupled to system bus 208 or viaother interface and bus structures, such as a parallel port, a gameport, or a universal serial bus (USB).

Monitor or other type of display device 250 may be connected to systembus 208 via an interface, such as a video interface 252. Monitor 250 mayalso be integrated with a touch-screen panel or the like. Note that themonitor and/or touch screen panel can be physically coupled to a housingin which computing system 200 is incorporated, such as in a tablet-typepersonal computer. Computing system 200 may comprise additionalperipheral output devices such as speakers 256 and printer 254, whichmay be connected via an output peripheral interface 258 or the like.

Computing system 200 may operate in a networked environment and may havelogical connections to one or more remote computers, such as remotecomputing system 260. Remote computing system 260 may be a personalcomputer, a server, a router, a network PC, a peer device or othercommon network node. Although only a memory storage device 262 is shownin FIG. 1, remote computing system 260 may include many or all of thecomponents and features described above with reference to computingsystem 200.

Logical connections between computing system 200 and remote computingsystem 260 may include local area network (LAN) 264, connecting throughnetwork interface 276, and wide area network (WAN) 266, connecting viamodem 278. Additional networks may also be included.

Embodiments disclosed herein can be implemented to run on variousplatforms operating under system software such as IBM OS/2®, Linux®,UNIX®, Microsoft Windows®, Apple Mac OSX® and others in development orcommercially available. The functionality disclosed herein may beembodied directly in hardware, in a software module executed by aprocessor or in any combination of the two. Furthermore, softwareoperations may be executed, in part or wholly, by one or more servers ora client's system, via hardware, software module or any combination ofthe two. A software module (program or executable) may reside on one ormore computer readable storage media described above. In FIG. 1, anexemplary storage medium is coupled to the processor such that theprocessor can read information from, and write information to, thestorage medium. In the alternative, the storage medium may be integralto the processor. The processor and the storage medium may also residein an application specific integrated circuit (ASIC). The bus may be anoptical or conventional bus operating pursuant to various protocols thatare known to those skilled in the art.

FIG. 2 depicts a diagrammatic representation of a high level Socialwarearchitecture implementing an embodiment disclosed herein. End user 300may utilize a computing device to bi-directionally connect to SocialGate302 which is also bi-directionally connected to one or more socialnetworks 394. Example communications media that may facilitate suchbi-directional connections may include an intranet, a virtual privatenetwork (“VPN”), and/or a wireless network, etc. As an example, socialnetworks 394 may include, but are not limited to, Facebook®, LinkedIn®,Twitter®, MySpace®, Friendster®, Multiply®, Orkut®, Cyworld®, Hi5®, andothers. All trademarks, service marks, and logos used herein areproperties of their respective companies. End user 300 represents anyindividual in a public or private office, government, home, or schoolsetting.

FIG. 3 depicts a diagrammatic representation of an embodiment ofSocialGate 302 in computing environment 440. Computing environment 440may represent an entity. Examples of such an entity may include, but arenot limited to, an enterprise, a business, a company, a school, ahospital, a library, a government agency, an office, a home, and so on.For the sake of illustration and not of limitation, computingenvironment 440 is owned and operated by an enterprise and referredhereinafter as enterprise 440.

Social network 304 represents a social networking company independent ofenterprise 440. Social network 304 may comprise hardware, software,infrastructure, and people necessary to operate and maintain socialnetwork 304. Social network 304 may be implemented in many ways known tothose skilled in the art. As a specific example, a user may log in tosocial network 304 via a browser application or via a mobileapplication. The browser application may run on a wired or wirelesscomputing device and the mobile application may run on the user's mobilephone, or both the browser application and the mobile application mayrun on an Internet enabled mobile phone.

In the example of FIG. 3, SocialGate 302 is communicatively coupled tosocial network 304 over Internet 500 and functions as a gateway orintermediary between end user 300 and social network 304. For example,all outgoing requests destined for social network 304 are routed throughSocialGate 302 where they can be handed off to additional applicationsfor analysis, logging, and possible modification. End user 300 mayinteract with social network 304 through SocialGate 302. For the purposeof illustration, and not of limitation, a server machine in socialnetwork 304 may be responsible for receiving all incoming requests fromand sending corresponding responses to end user 300 via SocialGate 302.

FIG. 4 depicts a diagrammatic representation of an embodiment ofSocialGate 302 working in conjunction with an embodiment of Data Center650. In some embodiments, SocialGate 302 may be implemented as amiddleware that sits between enterprise applications and external, thirdparty applications. These applications may run on different operatingsystems/platforms. SocialGate 302 may have no control over theenterprise applications. SocialGate 302 may also have no control overthe third party applications. However, as described below, SocialGate302 can continuously and adaptively monitor the third party applicationsover a public network. Within this disclosure, social networks 349exemplify such third party applications.

Data Center 650 may be owned and operated by a company independent ofenterprise 440 and of social network 304. For example, in oneembodiment, Data Center 650 may be owned and operated by Socialware 600.Data Center 650 may comprise one or more machines, each having at leastone computer readable storage medium. The at least one computer readablestorage medium may store computer instructions implementing testingfunctionality 630. The at least one computer readable storage medium mayalso store Socialware filters 610.

In some embodiments, SocialGate 302 may be communicatively coupled toData Center 650 over a network such as Internet 500. In someembodiments, SocialGate 302 may comprise Socialware filters 615 storedon one or more computer readable storage media in enterprise 440. Withinthis disclosure, a filter comprises a piece of code that is designed torecognize a particular portion of an application-level dynamic protocol.Hypertext Transfer protocol (http) is an example of an application-levelprotocol. Unlike defined or otherwise standardized protocols such asthose used in e-mail communications and instant messaging, dynamicprotocols used by social networking sites may change over time, beundefined, and/or vary from site to site. Dynamic protocols are known tothose skilled in the art and techniques for parsing network traffic insuch protocols are also known to those skilled in the art.

In some embodiments, Socialware filters 615 that are used by SocialGate302 in enterprise 440 may be continuously updated by Data Center 650 ofSocialware 600, perhaps over a network such as Internet 500. Maintenanceof Socialware filters 615 may comprise testing Socialware filters 610utilizing testing functionality 630 at Data Center 650. Socialwarefilters 615 may comprise all or a portion of Socialware filters 610.

In some embodiments, testing functionality 630 may comprise a testdriver written to cause a real-time test signal to be passed through aparticular filter. If the filter does not produce the correct result, itis broken. When a filter is broken, Data Center 650 and/or anapplication thereof will be notified. A user at Data Center 650 reviewsthe filter, analyzes the signal, and determines what caused the filterto break down, and modify the filter accordingly. SocialGate 302 isupdated in real-time or near real-time with the updated filter.

As an example, suppose Facebook, a social networking site, changes howthey deliver an AJAX response containing a message. It may haveoriginally been in HTML format, but updated to be JSON. Testingfunctionality 630 at Data Center 650 can detect this change. Extensiblemarkup language (XML), asynchronous JavaScript and XML (AJAX), HypertextMarkup Language (HTML), and JavaScript Object Notation (JSON) are knownto those skilled in the art and thus are not further described herein.

More specifically, testing functionality 630 may generate a testmessage. In some embodiments, this is performed by a test driver writtento test a specific aspect of Facebook. The test message is sent fromData Center 650 to Facebook and may be one of many that are sent fromData Center 650 to Facebook over the Internet as illustrated in FIG. 4.In response, Facebook transmits a message as follows:

-   -   <div class=“message”>This is a Facebook message</div>.

After the Facebook message is received at Data Center 650, the testdriver sends it to a filter designed to parse the specific aspect ofFacebook for which the test driver is written. Below is an example of afilter for parsing the example Facebook message in HTML.

Filter 1—Parse HTML Message

void parse(String payload) {  HTMLDoc doc = HTMLDoc.parse( payload ); HTMLElement element = doc.findByClass( “message” );  String message =element.text( );  return message; }

The test driver then compares the output from the filter with the testmessage that the test driver had generated and sent to Facebook. Ifthere is not a difference, the filter does not need to be updated.

In some cases, a social networking site may update their applicationchanging from one message format to another. Following the aboveexample, suppose Facebook changes from using HTML to JSON and respondsto the same test message as follows:

-   -   {“message”: “This is a Facebook message”}        The test driver sends the received Facebook message to Filter 1        for parsing as before and this time the filter does not parse        the message properly. The test driver compares the output from        the filter and determines that there is a difference between the        output from the filter and the original test message, i.e., the        filter is broken and needs to be updated. Testing functionality        630 may operate to notify a user such as an engineer at Data        Center 650. Testing functionality 630 may also notify SocialGate        302 in enterprise 440. The engineer may recognize the new        message format now used by Facebook and update the filter or        provide new filter to correctly parse messages in the new        message format. Following the above example, a replacement new        filter may be written as follows:

Filter 2—Parse JSON

void parse(String payload) {  JSONArray array = JSONArray.parse( payload);  String message = array.get( “message” ).toString( );  returnmessage;    }

The updated or new filter is persisted at Data Center 650 withSocialware filters 610 and in enterprise 440 as part of Socialwarefilters 615. In some embodiments, Data Center 650 may push the updatedfilter to SocialGate 302 in real-time or substantially real-time. Insome embodiments, SocialGate 302 may pull the updated filter from DataCenter 650 as part of its maintenance routine or whenever needed.

Testing functionality 630 may comprise a plurality of test drivers thatcontinuously generate test messages for testing various socialnetworking sites. This testing is done continuously at Data Center 650for each of Socialware filters 610 to ensure the integrity of Socialwarefilters 615 in enterprise 440.

One skilled in the art will appreciate that other types of filters arealso possible. For example, various filters can be written for accesscontrol, for content control, for understanding how, when, and whatapplication external to enterprise 440 is changing, and/or what type ofchange is involved. It could be a functional change, a layout change, amessage format change, etc. For example, some embodiments may implementone or more of the following non-limiting types of filters:

-   1) Access control filters. These filters manipulate the code of a    web application to enable and disable access to certain features    depending on who the accessing user is. Some embodiments of    SocialOrganizer 316 disclosed herein may utilize access control    filters.-   2) Data archiving filters. These filters record information as it is    transmitted across the wire. This may be information that is posted    to social networks, or retrieved from social networks. Some    embodiments of SocialAnalyzer 310 disclosed herein may utilize data    archiving filters.-   3) Data security filters. These filters monitor information as it is    published to social networks. If data is deemed private or sensitive    (by a Data Leakage Protection system or otherwise), the user will be    sent a notification that they are not allowed to post that    information. Some embodiments of SocialPatroller 312 disclosed    herein may utilize data security filters.-   4) Secure messaging filters. These filters trap information before    it is able to post to a social network and store it internally. The    message is replaced or otherwise substituted with a placeholder that    is sent to the social network. If a Socialware user is sent the    message with the placeholder, Socialware will remove the placeholder    and display the original message. In some embodiments, Socialware is    implemented as a middleware. In some embodiments, Socialware is    implemented in an appliance. Some embodiments of SocialCypher 314    disclosed herein may utilize secure messaging filters.-   5) Notification Filters. These filters notify the user of certain    information. For example, a company watermark may be placed onto a    social network, informing a user of the company usage policy.

Below are non-limiting examples of various types of Socialware filters.

-   1) Access control filter, to disable Facebook chat:

void process(String page, User user) {  HTMLDoc doc = HTMLDoc.parse(page );  if (user.canAccessFacebookChat( ) == false) {   doc.findById(“chat” ).delete( );  } }

-   2) Data archiving filter, to record Facebook chat:

void process(String page, User user) {  HTTPPost post = HTTPPost.parse(page );  String from Username = post.getParam( “fromUser” );  StringtoUsername = post.getParam( “toUser” );  String message = post.getParam(“message” );  DataStore.record( fromUser, toUser, message ); }

-   3) Data security filter, to block credit card numbers from posting    to Facebook walls:

void process(String page, User user) {  HTTPPost post = HTTPPost.parse(page );  String wallPost = post.getParam( “wall_post” );  if (ContainsCreditCardNumber( wallPost ) == true ) {   ReturnErrorToUser( ); } else {   AllowMessageToPost( );  } }

-   4) Secure messaging filter, to replace Facebook wall post messages    with a placeholder:

// When posting a facebook wall post void process( String page, Useruser ) {  HTTPPost post = HTTPPost.parse( page );  String message =post.getParam( “wall_post” );  String placeholder = GetPlaceholder(message );  post.setParam( “wall_post” );  // update the page with thenew placeholder instead of message  page = post.toString( ); } // Whenviewing a wall message void process( String page, User user ) {  Stringplaceholder = GetPlaceholder( page );  String message = GetMessage(placeholder );  // replace the placeholder with the original message page.replace( placeholder, message); }

-   5) Notification Filters, add a watermark to facebook

void process( String page, User user ) {  HTMLDoc doc = HTMLDoc.parse(page );  // Insert new HTML code for the watermark  doc.addElement (GenerateFacebookWatermark( ) );  page = doc.toString( ); }

Other types of filters are also possible. In some embodiments, some orall Socialware filters 615 may be defined by enterprise 400 andmaintained/updated by Data Center 650. Enterprise 400 may comprise ruleson how to apply Socialware filters 615. These rules link transmissionsto filters. For example, a rule may operate to examine the URL a user isaccessing, and determine if that URL corresponds to a particular filter.If so, that filter will be placed on the transmission. Rules may bestored on a network server or a storage medium accessible by the server.

In some embodiments, SocialGate 302 may comprise at least one computerreadable storage medium storing Socialware filters 615 and softwareand/or hardware components for communicating with enterpriseapplications, social networking site applications, and Data Center 650.In some embodiments, SocialGate 302 may further comprise one or moreprocessors for translating instructions stored on the computer readablestorage medium. In some embodiments, those instructions may includeproviding a set of services over communication medium 605 to a serverthat handles all incoming and outgoing traffic for enterprise 440. Insome embodiments, the server is a proxy server. As shown in FIG. 4, insome embodiments, proxy server 655 may be part of SocialGate 302. Insome embodiments, proxy server 655 may be connected to a plurality ofusers in enterprise 440. In some embodiments, the plurality of users maycomprise end user 300.

FIG. 5 depicts a diagrammatic representation of an embodiment ofSocialGate working in conjunction with a plurality of softwareapplications connected thereto, including SocialAnalyzer, SocialCypher,SocialPatroller, and SocialOrganizer. SocialAnalyzer 310 monitorsnetwork traffic, logs relevant information, and produces reports basedon the network traffic and logs. Social Patroller 312 scans content fromsocial networks for potentially malicious data, alerts users ofpotentially malicious data, and provides a means to block maliciousdata. SocialCypher 314 monitors information sent to social networks andautomatically encrypts designated information such that the informationis not viewable by unauthorized users. SocialCypher 314 also monitorsinformation from social networks and automatically decrypts anyinformation for which the user is authorized to see. Finally,SocialOrganizer 316 uses user/group defined roles and permissions toallow and restrict end user activity for social networks. Each of theseapplications is discussed in greater detail below.

FIG. 6 depicts a flow chart illustrating several functions of anembodiment of SocialGate 302. First, an HTTP request is received 320.The request is analyzed to see if it is directed to or came from asocial network 322. If the request is not from or to a social network,the request is passed along to its destination without any modificationor logging 324. However, if the request is from or to a social network,the request is passed to one or more of the individual applicationsassociated with SocialGate 302 for handling 326. When the individualapplication(s) have completed, the request is passed back and if therequest is modified 328, the modified request is forwarded to theoriginal destination 330. If the request was not modified, theunmodified request is forwarded to the original destination 332. In thecase of SocialOrganizer 316 and Social Patroller 312, the request may beblocked entirely and not forwarded to the original destination as willbe more fully discussed below.

FIG. 7 depicts a flow chart illustrating several functions of anembodiment of SocialAnalyzer 310. When a request is received 334,pertinent data is logged in a database 336. This data could include, butis not limited to: request origin, request destination, requestedservice, content of request, time and date, etc. Furthermore, based onthis logged data, reports are generated 338. Example reports couldinclude, but are not limited to: which social networks are used, howeach social network is being used, who is using the social networks,what services are most widely used, etc. SocialAnalyzer 310 acts only asa monitor and does not modify or otherwise intervene with any request.This provides significant advantages to industries that require detailedaudit trails and logging. Example industries that may require detailedaudit trails and logging include medical, government, public companies,etc.

FIG. 8 depicts a flow chart illustrating several functions of anembodiment of SocialCypher 314. First, SocialCypher 314 determineswhether the HTTP traffic handed to it is a post or request 340.Generally, a post is traffic going from an end user to a website and arequest is traffic coming from a website to an end user. If the trafficis a post, SocialCypher 314 determines whether the post is to a socialnetwork 342. If the post is not to a social network, the post isforwarded unmodified 346. However, if the post is to a social network,the post is further analyzed to determine if the post containsinformation that needs to be protected or is associated with one or moreactivities or actions that need to be protected 348. If the informationand/or action(s) do not require protective action, the post is forwardedunmodified 346. If the post contains confidential information,SocialCypher 314 may operate to take protective action to secure orprevent the information and/or action(s) 350. For example, suppose afile attached to the post requires protection, the file is encrypted andforwarded to the destination 352. In some embodiments, SocialCypher 314is capable of performing on-the-fly encryption. As another example,suppose the act of attaching a file, which is stored within enterprise440, to a post intended for a social networking site outside ofenterprise 440 is a protected action or impermissible activity,SocialCypher 314 may operate to prevent the attachment from takingplace.

If the traffic is a request, the traffic is analyzed to determine if therequest contains protected information 354. If the request does notcontain any protected or encrypted information, the request is forwardedunmodified 346. However, if the request contains protected information,SocialCypher 314 determines if the proposed recipient of the protectedinformation is an authorized user or group 356. If not, the requestcontaining the protected information is passed to the recipientunmodified 346. Since the request is not modified and no decryption isperformed on the protected information, the recipient may receive theprotected information as-is. If the proposed recipient is an authorizeduser or group, SocialCypher 314 decrypts or otherwise de-secures theinformation 358 and forwards the decrypted information to the recipient360. In some embodiments, SocialCypher 314 is capable of performingon-the-fly decryption. In this way, while the secured information may bepassed to non-authorized users or groups, only authorized users orgroups can read the original information.

To secure the information, a defined cipher mechanism such assubstitution or encryption can be employed. In the event thatsubstitution is used, the protected data will be substituted for aplaceholder and the original data will be diverted to a database forstorage. If encryption is used, the data will be encrypted before it issent to the social network. Placeholder substitution is useful in theevent that the enterprise (or other user) wants to maintain completecontrol of their data and not let it reside on a third-party socialnetworking site. An example of placeholder substitution is providedbelow with reference to FIG. 9.

FIG. 9 depicts a diagrammatic representation of an embodiment ofSocialCypher 314 communicatively coupled to social network 304 over theInternet. In some embodiments, SocialCypher 314 may be implemented aspart of SocialGate 302. In some embodiments, SocialCypher 314 may beimplemented as one of Socialware filters 615. In this example, User A inenterprise 440 accesses social network 304 and sends post 701 intendedfor social network 304. SocialCypher 314 intercepts post 701 anddetermines that post 701 is for social network 304 and that post 701contains information that needs to be protected from being viewedoutside of enterprise 440. SocialCypher 314 therefore saves post 701from User A in a non-volatile memory or storage location in enterprise440, substitute post 701 with placeholder 702, and sends placeholder 702to social network 304. From the perspective of social network 304,placeholder 702 is a post by User A and is processed as such by socialnetwork 304.

Subsequently, User B in enterprise 440 also accesses social network 304.Because User B is allowed to view posts made by User A in social network304, in response to User B's request for accessing social network 304,social network 304 transmits the posts by User A, including placeholder702, to enterprise 440. SocialCypher 314 receives the incoming trafficfrom social network 304, determines that it contains placeholder 702,retrieves the original post 701 associated with placeholder 702, andforwards post 701 by User A to User B. As describe above, as anotherlayer of security measure, before sending post 701 to User B,SocialCypher 314 may determine whether User B is authorized to view post701 by User A. This is in addition to the privacy and/or securitymeasures set by User A and/or social network 304. For example, accordingto privacy/security settings in social network 304, User C in enterprise440 is also allowed to view all posts by User A. However, SocialCypher314 may determine that User C is not authorized to view post 701 by UserA and forward placeholder 702 to User C. This additional layer ofprotection can be useful in an enterprise setting in which sensitiveinformation can be protected from or provided to a user, depending uponthat user's role or security clearance in the enterprise. Because post701 is not sent outside of enterprise 440 and because placeholder 702 isstored by social network 304 in its place, even if external users(represented by User D in FIG. 9) are allowed to view all posts by UserA, they can only see placeholder 702 and not post 701.

FIG. 10A depicts a screenshot of an example post 701. FIG. 10B depicts ascreenshot of an example placeholder 702, showing what an unauthorizeduser would see on the social networking site in place of the originalpost. As FIG. 10B illustrates, placeholder 702 may contain encryptedinformation in the form of some seemingly random alphanumeric nonsense.FIG. 10C depicts a screenshot of post 701 as viewed by an authorizeduser.

FIG. 11 depicts a diagrammatic representation of an embodiment ofSocialCypher 314 operating in an enterprise computing environment. Morespecifically, enterprise 440 may comprise data repository 670 forstoring posts 760 originated within enterprise 440. In this embodiment,SocialCypher 314 is implemented as part of SocialGate 302. Specifically,SocialCypher 314 is implemented as a filter of Socialware filters 615residing within SocialGate 302. SocialGate 302 may be implemented as afixed function device or appliance having proxy 655 connected to enduser 300. End user 300 may send post 701 to proxy 655 and proxy 655 maymake a service call containing post 701 to SocialCypher 314. Inresponse, SocialCypher 314 may save post 701 in repository 670 connectedto SocialGate 302 and returns placeholder 702 to proxy 655. Proxy 655may then forward placeholder 702 to an external third party applicationor social networking site as described above.

FIG. 12 depicts a diagrammatic representation of an enterprise utilizingan embodiment of SocialCypher 314 to control how an enterprise user'spost may be viewed on a social networking site. Suppose User A, User B,User C, and User D are all friends on social network 304. However, UserD is not an employee of enterprise 440 and network traffic between UserD and social network 304 is not monitored by SocialCypher 314. Asrepresented by group 770, User A, User B, and User C work for enterprise440 and SocialCypher 314 monitors traffic between social network 304 andUser A, User B, and User C, checks information to be posted on socialnetwork 304, and modifies the information where necessary. Consequently,even though User D is a friend of User A on social network 304, User Dmay not be able to view all posts made by User A within enterprise 440.Within group 770, there may be one or more subgroups. User A and User Bare in subgroup 772 as they both work for the same engineering group inenterprise 440. Enterprise 440 may determine that User C, which is insales, should not view sensitive or confidential information posted bythe engineering group. This setting can be implemented by SocialCypher314 which operates to prevent User C from viewing sensitive orconfidential information posted by the engineering group.

FIG. 13A depicts a screenshot of example social networking web page 720showing posts 704 that are encrypted by an embodiment of SocialCypher314 and that may be viewed by unauthorized users. FIG. 13B depicts ascreenshot of an example social networking web page 710 showing posts703 as decrypted by an embodiment of SocialCypher 314 to be viewed byauthorized users.

FIG. 14 depicts a diagrammatic representation of an example interactionbetween embodiments of SocialGate 302 and SocialOrganizer 316.Generally, SocialOrganizer 316 provides the ability to defineorganizational roles, giving each role access to specific socialnetworking capabilities. In some embodiments, administrator 370 may havedirect access to SocialOrganizer 316. The SocialOrganizer 316 may storeadministrators 370 settings in database 372. When end user 300 attemptsto access social network 304, SocialGate 302 intercepts the traffic fromend user 300 and requests SocialOrganizer 316 to verify that end user300 is authorized to access social network 304.

FIG. 15 depicts a flow chart illustrating the administration of anembodiment of SocialOrganizer 316. In this example, Administrator 370first defines a group 380. After defining a group, individual users orworkstations are assigned to the group 382. Finally, allowed and/orrestricted activities are assigned to the group 384. Although notdirectly shown here, users and/or workstations may also be added orremoved from an existing group. Furthermore, allowed and/or restrictedactivities can be modified for existing groups.

FIG. 16 depicts a flow chart illustrating several functions of anembodiment of SocialOrganizer 316. When a HTTP post or request isreceived 390, SocialOrganizer 316 identifies what user/workstationinitiated the post or request and identifies the permitted/restrictedactions or activities 392. Then SocialOrganizer 316 identifies thespecific activity contained in the post or request 394. If the activityis allowed 396, SocialOrganizer 316 permits the activity to take placeby not blocking the activity 398; however, if the activity is notallowed 396, then SocialOrganizer 316 operates to block the activity400. In some embodiments, the initiating user/workstation is shown amessage explaining that the activity has been blocked because theuser/workstation does not have the proper permissions to execute thedesired action. Although described as first identifying who initiatedthe request, in some embodiments, SocialOrganizer 316 may first identifythe specific activity contained in the post or request.

FIG. 17 depicts a flow chart illustrating several functions of anembodiment of SocialPatroller 312. Social Patroller 312 may comprise twomajor functions: (a) injecting a report function into potentiallymalicious content on social networking sites; and (b) blocking confirmedmalicious content on social networking sites from being access fromwithin enterprise 440. More specifically, in some embodiments, SocialPatroller 312 may identify whether a particular action or traffic ispotentially malicious 410. If the action or traffic is not potentiallymalicious, Social Patroller 312 does not modify the action or traffic412; however, if the action or traffic is potentially malicious, SocialPatroller 312 may operate to inject or otherwise add a report functionto a page or document to be viewed by the recipient. In someembodiments, the added report function is displayed on the page ordocument as a “Report” button.

FIG. 18 depicts a screenshot of a user interface through which a user isable to approve, deny, or report a particular activity of another user.In some embodiments, every piece of content that is delivered to an enduser is monitored for potentially malicious content. In this example,Social Patroller 312 may determine that the incoming request from K-Swanis potentially malicious. Thus, Social Patroller 312 adds “Report”button 430 to allow the recipient to approve, deny, or report thisrequest.

FIG. 19 depicts a flow chart illustrating the operation of an embodimentof Social Patroller 312 after receiving such a report. Social Patroller312 receives report 420. The report is analyzed 422 to determine if thereported content is actually malicious 424. In some embodiments, thereport may be reviewed manually to determine whether the content isactually malicious. In some embodiments, the report evaluation could beautomated based on a set of rules or using applications similar to“virus” style scans. If the content is determined to be non-malicious,no further action is taken 428. However, if the content is determined tobe malicious, then the content is added to a database and future accessto the content is restricted or otherwise modified 426. If a later userattempted to access content that was determined to be malicious, theaccess request would be denied or otherwise alerted. In someembodiments, if the content was blocked, the user would also receive amessage indicating that the content the user attempted to access wasblocked because the content was determined to be malicious.

In some embodiments, the blocked or otherwise logged malicious andpotentially malicious content are hosted independent of the individualapplications described above. This allows the most up-to-dateinformation to be immediately available to Social Patroller 312. Thisalso provides the most current information to Social Patroller 312without any additional intervention by the user such as: manualdownload, installation, update, etc.

FIG. 20 depicts a diagrammatic representation of an example Socialwareappliance 444 implementing one or more embodiments disclosed herein. Inthis example, Socialware appliance 444 is positioned between enterprise440 and external social networking sites 384. In some embodiments, theabove-described Socialware applications are installed within securednetwork 442 in enterprise 440. Socialware Appliance 444 functions as anintercepting proxy for secured network 442 and connects users 300 andexternal social networking sites 384. As FIG. 20 illustrates, SocialwareAppliance 444 is placed in the path of all network traffic forenterprise 440. From this point, Socialware Appliance 444 can monitorall internet traffic and manage enterprise-wide activities associatedwith external social networking sites 384, without intervention orknowledge by end user 300.

FIG. 21 depicts a diagrammatic representation of an embodiment ofSocialware appliance 444 working in conjunction with an embodiment ofSocialPatroller appliance 450 to continuously and adaptively monitor andcontrol traffic to and from social networking sites 384. In thisexample, Social Patroller appliance 450 is situated outside ofenterprise 440. This allows other users 452, 454, and 456 to reportmalicious and/or potentially malicious content while benefiting from thereports generated from within enterprise 440. This also allows usersconnected to Social Patroller appliance 450 to help police socialnetworking sites 384 for malicious and potentially malicious code.Furthermore, by moving Social Patroller appliance 450 to a centralizedlocation, it provides significantly more flexibility. One of theseimprovements is an enhanced ability to respond and adapt to new threats.If a new threat is identified, Social Patroller appliance 450 canimmediately be updated to locate and neutralize the threat withouthaving to wait for a release cycle or an end user update, which is whatcurrent virus scanners do.

Although shown and described throughout this disclosure with specificreference to an enterprise, this disclosure is intended to encompassother networking and business environments including, but not limitedto: small businesses, individual users, homes, public networks, etc. Itshould be understood that the description is by way of example only andis not to be construed in a limiting sense. It is to be furtherunderstood, therefore, that numerous changes in the details of theembodiments disclosed herein and additional embodiments will be apparentto, and may be made by, persons of ordinary skill in the art havingreference to this description. For example, in addition to the abovedescribed embodiments, those skilled in the art will appreciate thatthis disclosure has application in a wide array of arts in addition tosocial networking and this disclosure is intended to include the same.Accordingly, the scope of the present disclosure should be determined bythe following claims and their legal equivalents.

What is claimed is:
 1. A method for adaptively filtering network trafficto and from social networking sites, comprising: generating a testmessage by a data center computer residing at a data center; sending thetest message from the data center to a social networking site; parsing aresponse from the social networking site utilizing a first filter at thedata center, the first filter comprising a piece of code translatable bya processor to recognize a particular portion of an application-leveldynamic protocol utilized by the social networking site; comparing anoutput from the first filter with the test message to determine whetherthe first filter is able to parse the response from the socialnetworking site correctly; and updating the first filter or creating asecond filter to parse the response from the social networking sitecorrectly if the first filter is unable to parse the response from thesocial networking site correctly.
 2. The method according to claim 1,further comprising: providing the updated first filter or the secondfilter to a software module running on one or more machines in acomputing environment, wherein the software module is configured formonitoring network traffic between the computing environment and thesocial networking site.
 3. The method according to claim 2, wherein theproviding is performed in real-time or substantially real-time inassociation with the updating.
 4. The method according to claim 2,wherein the providing is performed in response to a pulling request fromthe software module.
 5. The method according to claim 2, wherein thedata center, the social networking site, and the computing environmentare independently controlled.
 6. The method according to claim 2,further comprising: replacing a version of the first filter stored onone or more computer readable storage media residing in the computingenvironment with the updated first filter or the second filter.
 7. Themethod according to claim 1, further comprising: notifying, by the datacenter, a software module running on one or more machines in a computingenvironment that the first filter is broken, if the first filter isunable to parse the response from the social networking site correctly.8. A computer program product comprising at least one non-transitorycomputer-readable storage medium storing computer instructionstranslatable by a data center computer residing at a data center toperform: generating a test message; sending the test message from thedata center to a social networking site; parsing a response from thesocial networking site utilizing a first filter at the data center, thefirst filter comprising a piece of code translatable by a processor torecognize a particular portion of an application-level dynamic protocolutilized by the social networking site; comparing an output from thefirst filter with the test message to determine whether the first filteris able to parse the response from the social networking site correctly;and updating the first filter or creating a second filter to parse theresponse from the social networking site correctly if the first filteris unable to parse the response from the social networking sitecorrectly.
 9. The computer program product of claim 8, wherein thecomputer instructions are further translatable by the data centercomputer to perform: providing the updated first filter or the secondfilter to a software module running on one or more machines in acomputing environment, wherein the software module is configured formonitoring network traffic between the computing environment and thesocial networking site.
 10. The computer program product of claim 9,wherein the providing is performed in real-time or substantiallyreal-time in association with the updating.
 11. The computer programproduct of claim 9, wherein the providing is performed in response to apulling request from the software module.
 12. The computer programproduct of claim 9, wherein the computer instructions are furthertranslatable by the data center computer to perform: replacing a versionof the first filter stored on one or more computer readable storagemedia residing in the computing environment with the updated firstfilter or the second filter.
 13. The computer program product of claim8, wherein the computer instructions are further translatable by thedata center computer to perform: notifying, by the data center, asoftware module running on one or more machines in a computingenvironment that the first filter is broken, if the first filter isunable to parse the response from the social networking site correctly.14. A system for adaptively filtering network traffic to and from socialnetworking sites, comprising: a data center computer residing at a datacenter; and at least one non-transitory computer-readable storage mediumstoring computer instructions translatable by the data center computerto perform: generating a test message; sending the test message from thedata center to a social networking site; parsing a response from thesocial networking site utilizing a first filter at the data center, thefirst filter comprising a piece of code translatable by a processor torecognize a particular portion of an application-level dynamic protocolutilized by the social networking site; comparing an output from thefirst filter with the test message to determine whether the first filteris able to parse the response from the social networking site correctly;and updating the first filter or creating a second filter to parse theresponse from the social networking site correctly if the first filteris unable to parse the response from the social networking sitecorrectly.
 15. The system of claim 14, wherein the computer instructionsare further translatable by the data center computer to perform:providing the updated first filter or the second filter to a softwaremodule running on one or more machines in a computing environment,wherein the software module is configured for monitoring network trafficbetween the computing environment and the social networking site. 16.The system of claim 15, wherein the providing is performed in real-timeor substantially real-time in association with the updating.
 17. Thesystem of claim 15, wherein the providing is performed in response to apulling request from the software module.
 18. The system of claim 15,wherein the data center, the social networking site, and the computingenvironment are independently controlled.
 19. The system of claim 15,wherein the computer instructions are further translatable by the datacenter computer to perform: replacing a version of the first filterstored on one or more computer readable storage media residing in thecomputing environment with the updated first filter or the secondfilter.
 20. The system of claim 14, wherein the computer instructionsare further translatable by the data center computer to perform:notifying, by the data center, a software module running on one or moremachines in a computing environment that the first filter is broken, ifthe first filter is unable to parse the response from the socialnetworking site correctly.